Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » New GoIssue Phishing Tool Targets GitHub Developers at Mass Electronics Companies
Global Security

New GoIssue Phishing Tool Targets GitHub Developers at Mass Electronics Companies

AdminBy AdminNovember 12, 2024No Comments4 Mins Read
New Phishing Tool
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


November 12, 2024Ravi LakshmananEmail Security / Threat Intelligence

A new phishing tool

Cybersecurity researchers are turning their attention to a sophisticated new tool called GoIssue that can be used to send large-scale phishing emails targeting GitHub users.

A program first marketed by a threat actor named Cyberdluffy (aka Cyber ​​D’ Luffy) on Runion Forum earlier this August touted as a tool that allows criminals to extract email addresses from public GitHub profiles and send mass emails directly to users’ mailboxes.

“Whether you’re looking to reach a specific audience or expand your reach, GoIssue offers the precision and power you need,” the threat actor claimed in his post. “GoIssue can send bulk emails to GitHub users directly to their mailboxes, targeting any recipient.”

Cyber ​​security

SlashNext said the tool marks a “dangerous shift in targeted phishing” that can act as a gateway to source code theft, supply chain attacks and corporate network breaches through compromised developer credentials.

“Armed with this information, attackers can launch customized mass email campaigns designed to bypass spam filters and target specific developer communities,” the company said in a statement. said.

A special GoIssue build is available for $700. Additionally, buyers can get full access to the source code for $3,000. As of October 11, 2024, the prices have been reduced to $150 and $1000 for a custom build and full source code for the “first 5 customers”.

In a hypothetical attack scenario, a threat actor could use this method to redirect victims to fake pages that aim to capture their login credentials, download malware, or authorize a fake OAuth application that requests access to their private storage and data.

Another aspect of Cyberdluffy to look out for is their Telegram profile, where they claim to be “members of the Gitloker team”. There was a gitlocker previously attributed to an extortion campaign focused on GitHub, which involved tricking users into clicking on a compromised link while posing as GitHub security and recruitment.

A new phishing tool

Links are sent in emails that are automatically triggered by GitHub after developer accounts are tagged in spam comments on random open issues or pull requests using already compromised accounts. The scam pages instruct them to log into their GitHub accounts and authorize a new OAuth application to apply for new jobs.

If a careless developer grants all the requested permissions to the OAuth malware, the threat actors proceed to wipe the entire contents of the repository and replace it with a ransom message that urges the victim to contact an individual named Gitloker on Telegram.

“GoIssue’s ability to mass-send these targeted emails allows attackers to scale their campaigns, affecting thousands of developers at once,” SlashNext said. “This increases the risk of successful hacks, data theft and hacked projects.”

This development comes after Perception Point outlined a new two-stage phishing attack that uses Microsoft Visio (.vdsx) and SharePoint files to obtain credentials. The emails are pretending to be business offers and are sent from previously compromised email accounts to bypass authentication.

Cyber ​​security

“Clicking on the provided URL in the body of the email or in the attached .eml file takes the victim to a Microsoft SharePoint page that contains the Visio (.vsdx) file,” the company said. “The SharePoint account used to upload and host .vdsx files is also often compromised.”

There is another clickable link in the Visio file that ultimately takes the victim to a fake Microsoft 365 login page with the ultimate goal of collecting their credentials.

“Two-step phishing attacks using trusted platforms and file formats like SharePoint and Visio are becoming more common,” Perception Point added. “These multi-layered evasion tactics leverage users’ trust in familiar tools evading detection by standard email security platforms.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025

CISCO’s critical vulnerability in uniform grants on root access to static credentials

July 3, 2025

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025

CISCO’s critical vulnerability in uniform grants on root access to static credentials

July 3, 2025

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025

US Sanctions of Russia

July 2, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.